Ticket #13915: 13915.2.patch

File 13915.2.patch, 8.1 KB (added by hakre, 2 years ago)

refreshed against trunk, incl. check for allow_url_fopen

  • wp-admin/includes/image-edit.php

     
    204204                if ( 'full' != $size && ( $data = image_get_intermediate_size($post_id, $size) ) ) { 
    205205                        $filepath = apply_filters('load_image_to_edit_filesystempath', path_join( dirname($filepath), $data['file'] ), $post_id, $size); 
    206206                } 
    207         } elseif ( WP_Http_Fopen::test() ) { 
     207        } elseif ( ini_get( 'allow_url_fopen' ) ) { 
    208208                $filepath = apply_filters('load_image_to_edit_attachmenturl', wp_get_attachment_url($post_id) , $post_id, $size); 
    209209        } 
    210210 

  • wp-includes/class-http.php

     
    6969         * Tests all of the objects and returns the object that passes. Also caches that object to be 
    7070         * used later. 
    7171         * 
    72          * The order for the GET/HEAD requests are HTTP Extension, cURL, Streams, Fopen, and finally 
     72         * The order for the GET/HEAD requests are HTTP Extension, cURL, Streams and finally 
    7373         * Fsockopen. fsockopen() is used last, because it has the most overhead in its implementation. 
    7474         * There isn't any real way around it, since redirects have to be supported, much the same way 
    7575         * the other transports also handle redirects. 
     
    9898                        } else if ( true === WP_Http_Streams::test($args) ) { 
    9999                                $working_transport['streams'] = new WP_Http_Streams(); 
    100100                                $blocking_transport[] = &$working_transport['streams']; 
    101                         } else if ( true === WP_Http_Fopen::test($args) ) { 
    102                                 $working_transport['fopen'] = new WP_Http_Fopen(); 
    103                                 $blocking_transport[] = &$working_transport['fopen']; 
    104101                        } else if ( true === WP_Http_Fsockopen::test($args) ) { 
    105102                                $working_transport['fsockopen'] = new WP_Http_Fsockopen(); 
    106103                                $blocking_transport[] = &$working_transport['fsockopen']; 
    107104                        } 
    108105 
    109                         foreach ( array('curl', 'streams', 'fopen', 'fsockopen', 'exthttp') as $transport ) { 
     106                        foreach ( array('curl', 'streams', 'fsockopen', 'exthttp') as $transport ) { 
    110107                                if ( isset($working_transport[$transport]) ) 
    111108                                        $nonblocking_transport[] = &$working_transport[$transport]; 
    112109                        } 
     
    125122         * 
    126123         * Tests all of the objects and returns the object that passes. Also caches 
    127124         * that object to be used later. This is for posting content to a URL and 
    128          * is used when there is a body. The plain Fopen Transport can not be used 
    129          * to send content, but the streams transport can. This is a limitation that 
    130          * is addressed here, by just not including that transport. 
     125         * is used when there is a body. 
    131126         * 
    132127         * @since 2.7.0 
    133128         * @access private 
     
    807802} 
    808803 
    809804/** 
    810  * HTTP request method uses fopen function to retrieve the url. 
    811  * 
    812  * Requires PHP version greater than 4.3.0 for stream support. Does not allow for $context support, 
    813  * but should still be okay, to write the headers, before getting the response. Also requires that 
    814  * 'allow_url_fopen' to be enabled. 
    815  * 
    816  * @package WordPress 
    817  * @subpackage HTTP 
    818  * @since 2.7.0 
    819  */ 
    820 class WP_Http_Fopen { 
    821         /** 
    822          * Send a HTTP request to a URI using fopen(). 
    823          * 
    824          * This transport does not support sending of headers and body, therefore should not be used in 
    825          * the instances, where there is a body and headers. 
    826          * 
    827          * Notes: Does not support non-blocking mode. Ignores 'redirection' option. 
    828          * 
    829          * @see WP_Http::retrieve For default options descriptions. 
    830          * 
    831          * @access public 
    832          * @since 2.7.0 
    833          * 
    834          * @param string $url URI resource. 
    835          * @param str|array $args Optional. Override the defaults. 
    836          * @return array 'headers', 'body', 'cookies' and 'response' keys. 
    837          */ 
    838         function request($url, $args = array()) { 
    839                 $defaults = array( 
    840                         'method' => 'GET', 'timeout' => 5, 
    841                         'redirection' => 5, 'httpversion' => '1.0', 
    842                         'blocking' => true, 
    843                         'headers' => array(), 'body' => null, 'cookies' => array() 
    844                 ); 
    845  
    846                 $r = wp_parse_args( $args, $defaults ); 
    847  
    848                 $arrURL = parse_url($url); 
    849  
    850                 if ( false === $arrURL ) 
    851                         return new WP_Error('http_request_failed', sprintf(__('Malformed URL: %s'), $url)); 
    852  
    853                 if ( 'http' != $arrURL['scheme'] && 'https' != $arrURL['scheme'] ) 
    854                         $url = str_replace($arrURL['scheme'], 'http', $url); 
    855  
    856                 if ( is_null( $r['headers'] ) ) 
    857                         $r['headers'] = array(); 
    858  
    859                 if ( is_string($r['headers']) ) { 
    860                         $processedHeaders = WP_Http::processHeaders($r['headers']); 
    861                         $r['headers'] = $processedHeaders['headers']; 
    862                 } 
    863  
    864                 $initial_user_agent = ini_get('user_agent'); 
    865  
    866                 if ( !empty($r['headers']) && is_array($r['headers']) ) { 
    867                         $user_agent_extra_headers = ''; 
    868                         foreach ( $r['headers'] as $header => $value ) 
    869                                 $user_agent_extra_headers .= "\r\n$header: $value"; 
    870                         @ini_set('user_agent', $r['user-agent'] . $user_agent_extra_headers); 
    871                 } else { 
    872                         @ini_set('user_agent', $r['user-agent']); 
    873                 } 
    874  
    875                 if ( !WP_DEBUG ) 
    876                         $handle = @fopen($url, 'r'); 
    877                 else 
    878                         $handle = fopen($url, 'r'); 
    879  
    880                 if (! $handle) 
    881                         return new WP_Error('http_request_failed', sprintf(__('Could not open handle for fopen() to %s'), $url)); 
    882  
    883                 $timeout = (int) floor( $r['timeout'] ); 
    884                 $utimeout = $timeout == $r['timeout'] ? 0 : 1000000 * $r['timeout'] % 1000000; 
    885                 stream_set_timeout( $handle, $timeout, $utimeout ); 
    886  
    887                 if ( ! $r['blocking'] ) { 
    888                         fclose($handle); 
    889                         @ini_set('user_agent', $initial_user_agent); //Clean up any extra headers added 
    890                         return array( 'headers' => array(), 'body' => '', 'response' => array('code' => false, 'message' => false), 'cookies' => array() ); 
    891                 } 
    892  
    893                 $strResponse = ''; 
    894                 while ( ! feof($handle) ) 
    895                         $strResponse .= fread($handle, 4096); 
    896  
    897                 if ( function_exists('stream_get_meta_data') ) { 
    898                         $meta = stream_get_meta_data($handle); 
    899  
    900                         $theHeaders = $meta['wrapper_data']; 
    901                         if ( isset( $meta['wrapper_data']['headers'] ) ) 
    902                                 $theHeaders = $meta['wrapper_data']['headers']; 
    903                 } else { 
    904                         //$http_response_header is a PHP reserved variable which is set in the current-scope when using the HTTP Wrapper 
    905                         //see http://php.oregonstate.edu/manual/en/reserved.variables.httpresponseheader.php 
    906                         $theHeaders = $http_response_header; 
    907                 } 
    908  
    909                 fclose($handle); 
    910  
    911                 @ini_set('user_agent', $initial_user_agent); //Clean up any extra headers added 
    912  
    913                 $processedHeaders = WP_Http::processHeaders($theHeaders); 
    914  
    915                 if ( ! empty( $strResponse ) && isset( $processedHeaders['headers']['transfer-encoding'] ) && 'chunked' == $processedHeaders['headers']['transfer-encoding'] ) 
    916                         $strResponse = WP_Http::chunkTransferDecode($strResponse); 
    917  
    918                 if ( true === $r['decompress'] && true === WP_Http_Encoding::should_decode($processedHeaders['headers']) ) 
    919                         $strResponse = WP_Http_Encoding::decompress( $strResponse ); 
    920  
    921                 return array('headers' => $processedHeaders['headers'], 'body' => $strResponse, 'response' => $processedHeaders['response'], 'cookies' => $processedHeaders['cookies']); 
    922         } 
    923  
    924         /** 
    925          * Whether this class can be used for retrieving an URL. 
    926          * 
    927          * @since 2.7.0 
    928          * @static 
    929          * @return boolean False means this class can not be used, true means it can. 
    930          */ 
    931         function test($args = array()) { 
    932                 if ( ! function_exists('fopen') || (function_exists('ini_get') && true != ini_get('allow_url_fopen')) ) 
    933                         return false; 
    934  
    935                 if ( isset($args['method']) && 'HEAD' == $args['method'] ) //This transport cannot make a HEAD request 
    936                         return false; 
    937  
    938                 $use = true; 
    939                 //PHP does not verify SSL certs, We can only make a request via this transports if SSL Verification is turned off. 
    940                 $is_ssl = isset($args['ssl']) && $args['ssl']; 
    941                 if ( $is_ssl ) { 
    942                         $is_local = isset($args['local']) && $args['local']; 
    943                         $ssl_verify = isset($args['sslverify']) && $args['sslverify']; 
    944                         if ( $is_local && true != apply_filters('https_local_ssl_verify', true) ) 
    945                                 $use = true; 
    946                         elseif ( !$is_local && true != apply_filters('https_ssl_verify', true) ) 
    947                                 $use = true; 
    948                         elseif ( !$ssl_verify ) 
    949                                 $use = true; 
    950                         else 
    951                                 $use = false; 
    952                 } 
    953  
    954                 return apply_filters('use_fopen_transport', $use, $args); 
    955         } 
    956 } 
    957  
    958 /** 
    959805 * HTTP request method uses Streams to retrieve the url. 
    960806 * 
    961807 * Requires PHP 5.0+ and uses fopen with stream context. Requires that 'allow_url_fopen' PHP setting